← IdenTrust Services, LLC cases
Bugzilla #1991215
Certificate Misissuance
IdenTrust: ICA with invalid CDP
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust issued a subordinate CA certificate on September 15, 2025, which contained an invalid Certificate Revocation List (CRL) Distribution Point (CDP). The error was identified the following day, leading to the certificate's revocation on September 17, 2025. The mis-issuance was due to an incorrect value being copied into the certificate profile, which went undetected due to a lack of enforcement in the approval workflow. No end-entity certificates were issued from this CA, thus no relying parties were affected. IdenTrust has since implemented a systematic enforcement mechanism to ensure all certificate profiles undergo proper review before issuance.
Chronology
- Issued production Subordinate CA
- Identified issue with production Subordinate CA
- Revoked the misissued Subordinate CA
- Report closure summary provided
Participants
IdenTrust
External References
Similar Local Cases
IdenTrust: Improper encoding of wildcard certificate
IdenTrust: Root OCSP Signer certificate mis-issuance
IdenTrust: Invalid special characters in S/MIME Certificates
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed
IdenTrust: CT Logging Mistakes
IdenTrust: Delay beyond 5 days in revoking misissued certificates
IdenTrust: Approval of TLS certificate renewal without domain validation